Binary Encryption / Decryption Method For Secure Audio / Video Broadcast And Communication And For Data Transmission / Storage

ABSTRACT

An encryption / decryption method is disclosed, where the input data string is described in term of consecutive groups of alternating same type bits, where one of these groups of same type bits is defined as a preferred group with the other groups having either lower or higher number of same type bits, where the data string is partitioned into variable length processing strings where the variable length is determined by the occurrence of the preferred group or of a determined number of bits consisting of groups of lower number of same type bits, where these variable length processing strings are encrypted function of the configuration and content of each processing string only, where consecutive processing strings are additionally encrypted based on their content only, where further encryption is performed from permutations of select partitions of groups of processing strings only as well as from permutations of select partitions of consecutive processing strings, where all said encryption means creating a total encryption space, where this total encryption space is represented by a multitude of encryption keys, where each of said encryption keys is interpreted using a set of reference data, and where communication between a data sender device and a data receiver device is secured by conforming to device specific settings.

FIELD

The present disclosure relates to data encryption / decryption methods,and in particular to binary data encryption / decryption methods thatare suitable to be implemented in silicon, as a circuit, in addition (ornot only) to be implementable in software.

BACKGROUND

Certain aspects disclosed in the utility patent application (UPA)mentioned below are being used in the present disclosure. This UPA isfiled by the same unique inventor as the present disclosure. This UPA ismentioned here as background for this disclosure. The present disclosurerepresents new matter. This background utility patent application (UPA)is:

-   EFS ID: 43475104-   Application Number: 17398728-   Applicant Name: Radu Mircea Secareanu-   Filing date: 10-AUG-2021

SUMMARY

There are two primary aspects that are disclosed:

-   a. The data encryption / decryption method in itself-   b. The suitability of the disclosed data encryption / decryption    method for hardware implementation

Across the disclosure, the data encryption / decryption method will bereferred to as “method”, or “technique”, or DED method, all beingequivalent.

Regarding the first disclosed aspect - the data encryption / decryptionmethod in itself. At the onset, a note regarding the structure of thisdisclosure is required, note that will enable better understanding ofthe flow of the disclosure. Key concepts are defined, detailed,exemplified, concepts that the disclosed embodiments from the presentdisclosure are based on. The DED method in progressively introducedduring this process.

In summary, the DED method works as follows: an Initial Full Data String(IFDS) is serially partitioned into a number of sequential ProcessingStrings (PS), where the length of each PS is determined by twoconditions: 1) the occurrence of a fixed bit pattern, called Delimiter(DE) or by the reach of a set limit number of bits, and 2) by thedesired encryption strength to be implemented. The concept of“encryption strength” in this context will be detailed later in thisdisclosure. Every such determined PS is classified and then encrypted intwo independent ways:

-   a) individually, every PS is encrypted as a whole, and-   b) the said PS classification of every two adjacent PS, are    encrypted

Once the end of the IFDS is reached, it is called that the end of oneencryption cycle is reached. Yet another encryption cycle can be appliedto the data by repeating the process, using as new IFDS the output ofthe just completed cycle, since the said output has a very differentstructure as compared to the initial input IFDS. The size of the outputfrom one completed cycle is exactly the same as the size of the inputIFDS, no matter the said size of PS, or said applied encryption of theindividual or every two adjacent PS, therefore the size of the data isalways the same, no matter the encryption complexity. Unlimited numberof cycles can be processed for unlimited encryption complexity, as willbe disclosed here. The decryption is perfectly mirrored to theencryption process, leading to an identical restored file to the initialIFDS, which was the input to the first cycle.

In summary, there are several fundamental encryption approachesdisclosed here:

-   1. The length of the partitioned PS represents an encryption choice    applicable to every IFDS. There are thirteen lengths considered as    practical, that are proposed and discussed. For sophisticated    encryption applications, the length of the partitioned PS has no    theoretical limits -practically, the only limitation, or cost, being    the memory that is associated to an increase in PS length, as    explained in the disclosure-   2. Individual PS encryption - same PS can have a different    encryption during one given cycle. There are several encryption    variables applicable in this category, as will be detailed in this    disclosure.-   3. Two consecutive PS can be paired and have a different encryption    during one given cycle. There are several encryption variables    applicable in this category as well, as will be detailed in this    disclosure.-   4. The above three encryption approached can be varied without any    limits by repeating the cycle unlimited times, i.e., the above    mentioned encryption choices (variability) are multiplied in term of    variability by the number of cycles.

The practically unlimited encryption choices, or encryption space, willbecome apparent, as the disclosure is being presented. An importanthighlight is regarding an important goal of this disclosure - theencryption space has practically no limits, but even with all thisspace, the file remains the same size no matter the encryptioncomplexity. While this is a goal of this disclosure, the embodimentsdisclosed here are in no way limiting to be applied to a filecompression or expansion process that occurs before or during theencryption / decryption process.

Regarding the second disclosed aspect - the suitability of the disclosedDED method for hardware implementation. As will be apparent from thedetails presented in this disclosure to a person familiar with digitaldesign, the DED method can be immediately implemented using basicdigital circuitry. In addition, due to the serial nature of the DEDmethod, the various stages of combinatorial logic are suitable to beplaced in a pipeline (again, a concept familiar for people skilled indigital design), the pipeline implementation (in a single, non-paralleldata path) providing the highest encryption/decryption speed possible ina hardware implementation.

A topic of interest is an indication regarding the implementationcomplexity and performances of the encryption / decryption process. Thiswill be summarized briefly next, referring to a hardware implementationof the DED method. A software implementation of the DED method is goingto be discussed in this disclosure as a parallel to the hardwareimplementation which receives first priority in this disclosure.

Referring to the four encryption approaches outlined above, the firstthree are applicable within any given cycle. The fourth encryptionapproach refers to repeating cycles, where the encryption choicesapplicable to the first three approaches are changed. To give an orderof magnitude estimation for the encryption speed, consider that theencryption chip operates with a 2 GHz clock, in-between two consecutivepipeline stages there are twenty clock cycles, and one PS flowssequentially through the pipeline over every pipeline stage. Considertwo cases - encryption in one cycle (1, 2, 3 approaches apply), andencryption in multiple cycles (1, 2, 3, 4 approaches apply).

-   1. Encryption in one cycle    -   a. The encryption speed is (size of IFDS)/(average size of        PS)*(20 clock cycles)        -   i. Example 1: size of IFDS is 1Mbit and average size of PS            is 20 bits --- speed is 1 million clock cycles. At 2 GHz            clock, that is 0.5 ms.        -   ii. Example 2: size of IFDS is 2Gbits and average size of PS            is 10 bits --- speed is 200 million clock cycles. At 2 GHz            clock, that is 0.1 s.    -   b. Another way to look at speed for one cycle encryption is from        the point of view of latency of the data flow. In this case,        encrypted data is available every 20 clock cycles (every one        pipeline stage latency) --- which means that from this point of        view, in the one cycle case, the encryption speed is one        pipeline stage (20 clock cycles). At 2 GHz clock, that is 10 ns.-   2. Encryption in multiple cycles    -   a. The encryption speed is (size of IFDS)/(average size of        PS)*(20 clock cycles)*(number of cycles)        -   i. Example 1: size of IFDS is 1Mbit and average size of PS            is 20 bits, 10 cycles --- speed is 10 million clock cycles.            At 2 GHz clock, that is 5 ms.        -   ii. Example 2: size of IFDS is 2Gbits and average size of PS            is 10 bits, 5 cycles --- speed is 1 billion clock cycles. At            2 GHz clock, that is 0.5 s.-   3. For both encryption in one cycle and encryption in multiple    cycles, for the first cycle only, there will be a data latency    coming from the data preparation, as will be discussed in the    disclosure. This data latency depends on the desired encryption    strength.

Decryption speed is essentially similar (or largely equal) to theencryption speed.

In conclusion of this summary chapter, the embodiments that aredisclosed here permit the following highlights to be stated:

-   i. The DED method offers four fundamental encryption approaches,    with practically an unlimited variation for encrypting a binary    file.-   ii. The encrypted file is always the same size as the original file,    no matter the encryption complexity that is being applied.-   iii. The DED method can be implemented in hardware straightforward,    in a pipelined, memory based architecture, leading to a high data    throughput.-   iv. The encryption speed is essentially the same as the decryption    speed, where said speed is directly proportional with the number of    encryption cycles and the size of the binary string to be encrypted.

BRIEF DESCRIPTION OF DRAWINGS

Embodiments will be described, by way of example, with reference to thedrawings, in which

FIG. 1 is used to summarise several key concepts for this disclosure,such as first bit (FB), alternate bits (AB), relative bits (RB), and RBtransformation, concepts used in one or more of the embodiments.

FIG. 2 and FIG. 3 is used to summarise additional key concepts for thisdisclosure, such as delimiter (DE), link bit (LB), processing string(PS), PS core, and PS characteristic number (or Sum), concepts used inone or more of the embodiments.

FIG. 4 , FIG. 5 , FIG. 6 , and FIG. 7 are used to summarise theprocedure to create the unique correspondence and assignment between aninput PS and the corresponding output description, unique correspondenceand assignment used in one or more of the embodiments.

FIG. 8 is used to summarise the concepts of absolute identifier (AI) androot identifier (RI), as well as the procedure in which these are used,concepts and procedure used in one or more of the embodiments.

FIG. 9 and FIG. 10 are used to introduce how to uniquely describe anyinput binary string in term of processing strings and constructsspecific to this disclosure, unique description that is used in one ormore of the embodiments.

FIG. 11 is used to introduce, describe, and illustrate the flow,implementation, and suggested hardware architecture used for encryption,in accordance to one or more of the embodiments

FIG. 12 is used to introduce, describe, and illustrate the flow,implementation, and suggested hardware architecture used for decryption,in accordance to one or more of the embodiments

DETAILED DESCRIPTION OF THE INVENTION

At the outset it should be noted that the examples presented in thedisclosure are in no way limiting, and the skilled person willappreciate that the disclosure is equally applicable to multiplevariations and alternatives, and multiple optimizations are possible toincrease the performance, such as the encryption variability.

Several concepts relevant for this disclosure are discussed in detailnext, including by using examples.

-   1. First bit (FB), alternate bits (AB), and relative bits (RB)-   2. Delimiter (DE) and link bit (LB)-   3. Bit sum (Sum) and processing string classification (PS class)-   4. Processing string format (PS format) as full PS, exception PS,    and termination PS-   5. PS input core acceptable configurations (ICAC), PS output    description configurations (ODC), and PS remain output description    configurations (RODC).-   6. Root identifiers (RI) and absolute identifiers (AI)

FIG. 1 is used to summarise the FB, AB, and RB concepts.

a. In any binary string, there are groups of same type bits, with thebits in any two such consecutive groups alternating. String 100 is anexample string, considered here to exemplify the concepts. In string100, 101 is the first bit (FB) in this string, with a value of 0. 102 ispointing to an underscore, used to improve string readability in thisdiscussion.

b. String 100, rewritten in term of AB, is shown at 106. The numbersrepresent the number of bits in alternating groups of same type bits.103 represents string 100, rewritten in term of FB and AB.

c. The relative bit is defined as the change in the upcoming bitrelative to the current bit. If the upcoming bit changes value (0 to 1or 1 to 0), the relative bit has a value of 1. If the upcoming bit has aconstant value (0 to 0 or 1 to 1) the relative bit has a value of 0.

d. The RB transformation of string 100 is shown at 105, while the string100 rewritten to incorporate RB transformation, in term of AB and FB isshown at 104 (107).

FIG. 2 and FIG. 3 is used to summarise the DE, LB, PS, PS core, and PScharacteristic number (or Sum) concepts

a. A delimiter (DE) is defined as a group of bits of a chosen pattern. Agroup of four same type bits is used in this disclosure as DE.

b. DE is used to define a PS - a PS is defined as any collection ofgroups of same type bits in-between two consecutive DE, where saidcollection ends with a DE, and where, for the DE defined as a group offour same type bits, any such group in-between two consecutive DE hasless than four same type bits.

c. Given the above definitions, string 200 in FIG. 2 has two PS (PS_2and PS_3, shown as 220 and 230). PS_1 (210) is the first PS in thestring, and PS_4 (240) is the last PS in the string.

d. The link bit (LB) is introduced because after a DE, same type oropposite type bits can follow. For example, 221 has the same type bit asthe 211 DE, while 231 has the opposite type bit as the 222 DE. LB has avalue of 0 if same type bits follow, and has a value of 1 if oppositetype bits follow.

e. In FIG. 2 , 204 for PS_1, 221 plus 205 for PS_2, and 231 for PS_3 arecalled PS core. 241 for PS_4 (termination PS) is called PS content.

f. In FIG. 2 , the IFDS (200) and every PS have been described in termof absolute bits for clarity. However, in this disclosure, theequivalent FB/AB representation (detailed in FIG. 3 ) is required (whereAB can be a representation of IFDS RB transformation).

g. In FIG. 3 , the FB/AB for PS_1, PS_2, PS_3, and PS_4 are shown asrespectively 310, 320, 330, and 340. For PS_1, PS_2, and PS_3, 311, 321,and 331 respectively represent the PS content, 312, 322, and 332represent the PS DE, 313, 323, and 333 represent the PS LB. For PS_4termination PS, 341 is the content.

h. With reference to FIG. 3 , adding all the bits in a PS core, a PScharacteristic number, or Sum, is obtained. For PS_1, 311 gives a Sum of8, for PS_2, 321 gives a Sum of 8, for PS_3, 331 gives a Sum of 1. Sumcannot be defined for a termination PS.

a. The three PS are classified as Sum_DE, namely PS_1 as 8_4, PS_2 as8_4, PS_3 as 1_4.

i. As mentioned, LB is introduced to handle the bits coming after a DE.

When DE consists of four same type bits (as considered in thisdisclosure):

-   a. If the bits coming after a DE are less than four same type bits,    then these bits become part of the next PS (as exemplified by PS_2    and PS_3 above).-   b. If the bits coming after a DE are four or greater same type bits,    these bits become what is called an exception PS. The characteristic    of an exception PS is that it has a core of zero bits, the content    is made of all bits of same type following a DE until that bit type    changes value, and since the content indicates when the bit changes    value, an exception PS does not need a link bit.-   c. An exception PS always comes after a DE, with the only exception    being that it can be the first PS in an IFDS.

There are four types of supported PS therefore:

-   Full PS, always in-between two consecutive DE or as the first PS in    an IFDS, having a core, a DE, and a link bit, defined as class    Sum_DE (for example, 1_4)-   Exception PS, always follows a DE or is the first PS in an IFDS,    having a content only, where the content is always greater or equal    to four same type bits-   Termination PS, always the last PS in an IFDS.-   Open-string PS, always following a full PS, an exception PS, or    another open string PS, having core only and characterized by the    fact that the core reaches a set number of bits without a DE    occurring.

All the concepts above describe how to identify, classify, and format aPS in an input IFDS. The next concepts refer to how to uniquely formatthe output in accordance to each and every input PS. To exemplify thisunique correspondence that is being created between input PS and output,initial focus is on full PS.

As mentioned, a full PS consists of core, DE, and LB. Each of thesethree components will be discussed, outlining the unique input-outputcorrespondence and transformation.

a. The four bit DE at the input becomes a four bit identifier at theoutput, uniquely identifying the input PS classes.

b. The core:

-   a. When written in FB/AB format, two configurations are enabled to    have the same description, and this constitutes one of the main    advantage of using the FB/AB format. For example, in class 4_4,    configurations 0110 and 1001 (absolute bits) have the same AB format    description, namely 121 (one bit - two bits - one bit).-   b. Core configurations containing groups of 1, 2, and 3 same type    bits are called acceptable configurations. There are also    non-acceptable configurations. To understand the concept of    acceptable and non-acceptable configurations, the delimiter rule    (i.e., the rule that says that in-between two delimiters only groups    of 1, 2, and 3 same type bits can exist) will be ignored in the    discussion to follow. The position of two initial delimiters is    maintained. By ignoring the delimiter rule but keeping the location    of the initial delimiters, groups of four or more same type bits    in-between two delimiters can exist. For example:    -   i. A PS class with Sum smaller than 4 (classes 1_4, 2_4, and        3_4), has only acceptable configurations.    -   ii. A PS class with Sum greater or equal to 4 has both        acceptable and non-acceptable configurations. These are        exemplified in FIG. 4 , for the first two classes with Sum        greater or equal to 4 (class 4_4, and class 5_4, for which Sum=4        (shown as 403) and Sum=5 (shown as 406)). Looking at the 401        index, for class 4_4, the first seven configurations of the core        are acceptable, while the 8^(th) configuration (408) is not        acceptable. Similarly, for class 5_4, the first 13        configurations are acceptable, while the last three (409, 410,        and 411) are not acceptable.-   c. Both the acceptable and non-acceptable configurations receive a    unique description 404/407 that correspond to every actual existing    input core configuration 402/405.-   d. The acceptable configurations are called ICAC (input core    acceptable configurations). The unique description corresponding to    every ICAC is called ODC (output description configuration), while    the description corresponding to every non-ICAC configuration is    called RODC (remain output description configuration).-   e. RODC increases as the class order (or SUM) increases. This is    shown in FIG. 5 .    -   i. As mentioned, class 1_4, 2_4, and 3_4 (Sum=1, Sum=2 and        Sum=3) have only ICAC, therefore do not have RODC.    -   ii. Classes 4_4 to 14_4 (Sum=4 to Sum=14, listed in column 501),        all have RODC. The number of RODC for every class is listed in        column 504. As shown, this number increases as the class order        increases. Column 502 represents the ICAC for a respective        class, while column 503 represents the total supported        configurations in that class (ODC+RODC). The worth factor        (column 505) will be discussed later.

c. The LB

a. Note that LB for a PS in an input IFDS is an abstract concept, i.e.it is a bit that does not exist in reality. This bit is defined andintroduced because, the same LB, with the same value, is required in theunique corresponding output.

In FIG. 6 , the input (604) to output (614) transformation for a full PSis shown. 601, 602, and 603 are the three input components (core orICAC, DE, LB), and 611, 612, and 613 are the three output components(identifier, ODC corresponding to ICAC, and LB).

An actual example of such input-output transformation, together with afull list of identifiers and their meaning, are shown in FIG. 7 . Theinput PS is 701, consisting in core (702), DE (703) and LB (704). Tothis specific input PS, the corresponding output is 711, with 712 beingthe identifier, 713 being the ODC, and 714 being LB. Note that 713 (010)corresponds to the 121 core, as shown in FIG. 4 at class 4_4, while theidentifier for class 4_4 (column 722) is 0100, shown by 724,corresponding to a full PS as indicated in column 723. The list of allidentifiers, for all classes, is detailed in column 721.

The identifiers listed in column 721 are called core identifiers. Notethat they are used for exception PS (0000 and 1111), for PS classes thatdo not generate RODC (0001, 0010, and 0011), and for PS classes thatgenerate RODC (all other 11 identifiers).

-   The RODCs generated by the 11 classes that generate RODC (classes    4_4 to 14_4) become identifiers in themselves for PS classes larger    than 14_4 and for open string PS.-   These RODCs are characterized by a “Worth” factor - column 505 in    FIG. 5 . To give an example of such a worth factor, consider the    single RODC generated by class 4_4. This RODC becomes a seven bit    identifier (0100_111) for classes larger than 4_4. This 7 bit    identifier can cover two class 5_4 configurations, 4 class 6_4    configurations, 2 ¹¹ class 15_4 configurations, and so on, for every    class, the worth factor increases by a factor of 2.

Next, the concepts of absolute identifier (AI) and root identifier (RI)are reviewed.

An absolute identifier represents the full description of the outputconfiguration used to describe an input PS

-   For example, if the input PS is a class 4_4 full PS, specifically    1_2_1_4, this corresponds to an output description of 0100_010, and    this is known as the absolute identifier for the 1_2_1_4 full input    PS. Of course, the AI for a full PS is always followed by an LB, but    the LB is not part of the AI.

A root identifier (RI) is defined as the minimum common root to describea group of AI within a single class only

-   For example, considering class 4_4 for this discussion: the 7    configurations of class 4_4 can be described as 4+2+1 in term of    primary binary numbers.-   Accordingly, class 4_4 has three root identifiers, the first one    representing a group of 4 configurations, the second one    representing a group of 2, and the third one representing a group of    1 configuration.-   The root identifier consists of the core identifier (see FIG. 7 ),    followed by the root of each of the three groups (see FIG. 4 ):    0100_0 for the first group, 0100_10 for the second group, and    0100_110 for the third group.-   Therefore, class 4_4 has three RI - a five bit RI representing a    group of 4 configurations, a six bit RI representing a group of 2    configurations, and a seven bit RI representing a group of 1    configuration. The three root identifiers are called to be of class    5, class 6, respectively class 7.-   The three RIs, as described, are primary Rls. These can be    transformed in three 6 bit RI (with two configurations each) and one    7 bit RI, or can be transformed in seven 7 bit RI.

When an output is described using RIs, the output will consist of twostrings, instead of 1 string, as exemplified in FIG. 8 , where two PSare considered as an example for this discussion.

-   The first PS, 801, is a class 2_4 full PS. Normally, this is unitary    described at the output as 830. Any such unitary output of a PS has    two components: an RI (RI1, as 834) and a detail (DI1, as 835),    detail part representing the remainder after removing the RI.-   The second PS is an exception PS, 802, normally described as 840,    and described in term of RI and detail as 844 and 845. Note that for    exception PS, the detail part is null.-   The regular output would be 803 (a single string, consisting of one    output PS after another, in order).-   When RI plus Detail description is used, the output will consist of    two strings, 813 and 823, one string consisting of RIs, and the    other string consisting of details of each output PS, in order. In    the RI string, the RIs are paired, as shown by 814, 815, 816, for    further processing, as will be shown. No further processing is    performed in the detail string.

One of the key goals of this disclosure is the development of a DEDmethod where, irrespective of the DED complexity, the size of theencrypted/decrypted file remains exactly the same as the initial file.This goal is achieved by defining a set of limited number of PS classesso that any IFDS can be encrypted and then seamlessly reversed(decrypted). This limited number of PS classes is defined and discussedwith reference to FIG. 9 and FIG. 10 (FIG. 10 is a continuation of FIG.9 ). In these two figures:

-   901 column is an index, or a counter, showing how many PS classes-   902 column is showing the corresponding PS class, for every index-   The 903 row in FIG. 9 relates to exception PS (per the exception PS    definition). In reality, there is a class for exception PS of class    5, one for class 6, and so on. Row 903 condenses all these classes    into one entry. As shown in FIG. 7 , exception PS of greater or    equal to 5 same type bits uses the core identifier 1111 (5 is    1111_0, 6 is 1111_10, 7 is 1111_110, and so on).-   Classes 1_4 to 14_4 do not require any further comments. These are    full PS classes, and have been discussed also with reference to FIG.    7 and partly with reference to FIG. 5 .-   At row 904 in FIG. 10 , variable k is introduced.    -   ∘ This k variable has a range from 1 to m, with m being the        maximum value. Variable m can be minimum 1, case in which the        range for k is 1 to 1, i.e. 1.    -   ∘ All classes (14+k)_4 are regular, full PS classes. Note that        position 904 represents multiple entries. For example, if m=10,        position 904 represents ten entries, i.e. ten classes, from 15_4        to 24_4. If m=1, position 904 represents one entry, i.e. class        15_4.    -   ∘ The value for m is chosen as one of the variables to increase        the encryption strength. The larger the m value, the stronger        the encryption, but the larger the complexity, where one of the        implementation measures for complexity is the memory needs.        -   Since the memory needs is mentioned, clarifications are            required. For example, if m=1, the memory needs needed to            encrypt all configurations is about 190k binary words of 22            bits. If m=13, the memory needs to encrypt all            configurations reaches about 300 M binary words of 34 bits.            As m increases further, the trend is apparent (memory            increases and the binary word necessary for one memory            location increases).-   Starting with 905, the maximum value of k, m, is relevant. To focus    the discussion, m=1 (k=1) will be considered.    -   ∘ 904, position 17, is class 15_4.    -   ∘ 905 and 906 are classes 16_3 and 17_2.        -   Regular full PS classes, of format such as 15_4 (generally            x_4) mean that in the 15 bits preceding the 4 same type bit            DE termination, any combination of same type bit groups of            1, 2, and 3 bits can occur. Classes 16_3 and 17_2 have the            same meaning, but the termination is 3, respectively 2 same            type bits. Both classes 16_3 and 17_2 use a link bit just            like a regular full PS, so, after the 3, respectively 2            termination, any number of bits of same type or opposite            type as the termination can occur.    -   o Positions 907 to 915 consist of three groups of classes: the        15_3 group, the 16_2 group, and the 17_1 group.        -   Each group consists of three classes: 15_3_1, 15_3_2, and            15_3_3, then 16_2_1, 16_2_2, and 16_2_3, respectively            17_1_1, 17_1_2, and 17_1_3.        -   The meaning of the three numbers is as discussed above. For            example 15_3_1: 15 supports any combination of 1, 2, and 3            same type bits, and 3 and 1 are terminations of 3            respectively 1 same type bit groups. The last bit in the 15            always changes value with the group of 3, which always            changes value with the group of 1.        -   The first two numbers always make 18 when summed (15+3,            16+2, and 17+1).        -   15_3, 16_2 and 17_1 are the only possible combinations in an            18 bit in the defined conditions disclosed here. - The third            bit is always 1, 2, and 3 for all three 15_3, 16_2, and 17_1            groups.        -   None of the nine classes require a link bit (LB). This is            key, because it allows to “pack” double the amount of output            combinations in the same number of bits. This also means            that the bit coming after the 1, 2, respectively 3 same type            bit termination, always changes value.        -   Note that all three groups generate 18_1, 18_2, and 18_3, in            different configurations (as 15_3, 16_2, or 17_1). So, in            order to close and have any combination possible, regular            18_4 full PS class (with LB) is needed to be added and that            is done on position 916 (position 29 for m=1).-   Accordingly, the above collection of classes, as presented and    discussed with regard to FIG. 9 and FIG. 10 , permit the encryption    of any IFDS, using a predefined maximum number of bits.    -   ∘ In the case of m=1, this predefined maximum number of bits is        22 (18+4 from class 18_4).    -   ∘ In the case of m=13, this predefined number of bits is 34        (30+4 from class 30_4).    -   ∘ For any m, classes at positions 907 to 915 offer the needed        open string, as defined. Classes at 907 to 915 are open string        PS classes. These classes clearly have their own RI.    -   ∘ The number of required classes to cover any IFDS depends on        the encryption strength that is chosen. For example, for m=1, 29        classes are needed. For m=13, 41 classes are needed. In other        words, the number of classes required to cover any IFDS is 28+m.

Full PS, exception PS, and open string PS have all been clarified. A fewwords about a termination PS are required.

-   As described, the largest class, in term of bit length, is class    18_4 for m=1, and 30_4 for m=13. That is a 22 bit respectively 34    bit maximum PS, for a number of classes equal to 28+m. This    indicates that the maximum PS can be written in tem of number of    classes as 28+m-7, or 21+m.-   A termination PS is defined as a string of data, (21+m) bits or less    in length, representing the last bits before the end of an IFDS.-   In other words, the last (21+m) bits or less of an IFDS are not    processed through the normal procedure as described in this    disclosure, no matter what these last (21+m) bits or less contain,    including if these bits contain a full PS of any class that fits in    the (21+m) bit space, an open string, or (21+m) bits of same type    (an exception PS). The following need to be clarified:    -   a. If any class starts before the (21+m) bit from last and        extends into the last (21+m) bits of the IFDS, it is processed        normally.    -   b. Anything within the last (21+m) bits of the IFDS, even if it        is a class that would start and complete before the IFDS ends,        is processed differently.

This different processing named above at b. is introduced next.

-   Since in the termination PS there is no restriction such as that    imposed by the delimiter rule so that in the PS core there are only    groups of 1, 2, and 3 same type bits, the termination PS can contain    groups of any number of same type bits, from 1 to (21+m).-   For every such group of “y” same type bits in the termination PS,    the representation in the output will be (y-1) of 1 and 1 of 0.    -   Example 1: group of 1 same type bit (y=1). Representation is 0        (y-1) of 1 and 1 of 0, i.e. representation is bit 0.    -   Example 2: group of 14 same type bits (y=14). Representation is        13 (y-1) of 1 and 1 of 0, i.e. representation is        1111_1111_1111_1_0.-   Always:    -   The last 0 from the representation of the bits of the        termination PS in the output is dropped, since that last 0 is        self understood, therefore redundant.    -   If the IFDS ends in the maximum applicable class (for example        18_4 for m=1 or 30_4 for m=13), the LB of that class is not        necessary anymore, therefore will be dropped.

A termination PS does not have a specific class assignment, or RI. Atermination PS is therefore left as is, and the hardware or softwareimplementation of the encryption will recognize the termination PS beingthe last PS in the IFDS and based on the above described rules.

A very well defined set of primary root identifiers (RI) can be derivedfor this 28+m set of PS classes. As defined and discussed, primary RIare RI that are not transformed, i.e. they represent each and everyclass as is.

An example is provided for this discussion, in order to advance in thedescription of the disclosure.

-   For m=1, there are 29 classes of PS, as described above-   In accordance to the derivation of primary RI, as outlined above,    these 29 classes have primary RI of class 4 to class 21. The total    number of primary RI for all these 29 classes is 148. Each of the 18    primary RI classes (4 to 21) have a well-defined number of RI    members. For example, class 4 has 5 RI members, class 5 has 10 RI    members, class 6 has 12 RI members, and so on.-   As discussed with reference to FIG. 8 , the output can be described    by two strings, the RI string, and the detail string. The RI string    can be further processed by pairing consecutive RI.    -   o Processing of multiple RI (such as three, or four) can be        developed, and this is in no way limiting to the content        presented in this disclosure, with the title of example or        otherwise.-   When pairing two consecutive RI, the resulting pair has in-between 8    and 42 bits.    -   For example:        -   Example 1:            -   i. As mentioned, there are five primary RI of four bits                (class 4 RI)            -   ii. If, in the output, there are two consecutive class 4                RI, they create an eight bit unique pair. Since there                are five such class 4 RIs, the pair can have 25 possible                alternatives.        -   Example 2:            -   i. An RI pair that has ten bits, can be constituted by                classes of RI 4-6, 5-5, or 6-4. The total number of such                alternatives for an RI pair of 10 bits is 220.-   Every RI pair of 8 to 42 bits will accordingly have a set number of    alternatives, or members. For one pair, the number of such    alternatives varies between minimum 16 (for pairs of 42 bits) and    maximum 1276 (for pairs of 22 bits). The total number of pairs is,    in this case of m=1, 21904.-   Each of these 21904 pairs can be described, with an equivalent word    that has an equal number of bits to the original.    -   For example, an 8 bit RI pair, that has 25 alternatives, can be        described by 000_xxxxx, where xxxxx (five x) will cover the 25        alternatives. The seven remaining options (xxxxx has 32        positions) will be used as 14 positions for the nine bit RI        pair.

Similar to the PS discussion, for these RI pairs, the following can bedefined:

-   RI pair classes.    -   An RI pair class is a group of RI pairs that result in the same        number of bits. For example, an RI pair that has 8 bits        (resulting from pairing an RI of 4 bits with an RI of 4 bits),        is called to be of class 8. An RI pair that has 10 bits,        resulting from pairing RI of (first RI - second RI) 4-6, or 5-5,        or 6-4 bits, is called to be of class 10. Each such RI pair        class will have an equivalent description as described for class        8 (i.e. 000_xxxxx).    -   For m=1, there will be therefore 35 RI pair classes (from class        8 to class 42). As m increases, the number of RI pairs        increases, leading to further encryption strength.    -   Each RI pair class has its own number of RI pairs. As mentioned        above, for example, for m=1, class 8 has 25 pairs, class 10 has        220 pairs, class 22 has 1276 pairs, and class 42 has 16 pairs.-   •RI pair headers    -   Similarly to PS classes where core identifiers have been        defined, for the RI pairs, the equivalent of core identifiers        can be defined. For RI pairs, these core identifier equivalency        are called headers, and are made of the first three bits in the        equivalent description of an RI pair, i.e. from 000 to 111. Note        that each header is common to multiple RI pair classes, and that        is different from PS classes where each core identifier was        specific to one class.-   RI pair root identifiers (RI2)    -   The parallel between PS class RI and RI pair class RI is        apparent at this point    -   For example, as mentioned, the class 8 RI pair is described by        000_xxxxx, where xxxxx (five x) will cover the 25 alternatives.    -   Similarly as done for the PS class RI, number 25 is described in        term of primary binary numbers as 16+8+1.    -   That means that class 8 RI pair has three root identifiers,        therefore, three RI2 can be defined for class 8 RI pair        -   First RI2 is a four bit RI2, namely 000_0, and represents 16            alternatives        -   Second RI2 is a five bit RI2, namely 000_10, and represents            8 alternatives        -   Third RI2 is an eight bit RI2, namely 000_11_000, and            represents one alternative    -   Putting together all RI2 from all RI pairs, 39 RI2 classes, from        4 to 42, with multiple members in each RI2 class, are formed

As mentioned in the summary section, there are four encryptionapproaches that are disclosed. At this point, sufficient insight hasbeen described in order to allow appropriate description of the fourencryption approaches.

First encryption approach: The length of the partitioned PS representsan encryption choice.

-   This is done by choosing the value of variable m, greater or equal    to 1 (as discussed with reference to FIG. 9 and FIG. 10 ). The    maximum length of a partitioned PS is 22 bits (for m=1), 34 bits    (for m=13), to any integer value (proportional to m, greater than    13).-   Theoretically, there is no limit for m. Practically, m is limited by    memory needs, as described. For demanding encryption applications    where cost is secondary, large values for m can be chosen. The    larger the value for m, the higher the encryption strength.-   There are immense consequences from choosing the value of m. As    described above, as m increases, the number of PS classes increase,    the length of PS increases, the number of upper-class identifiers    increases, the number of RI, R12, and others, all increase, with    immense consequences on increasing the encryption strength,    encryption space, and the number of encryption keys, as described    below.

Second encryption approach: Same PS and its derivatives (such as RI) canhave a different encryption during one given cycle. There are threeaspects here, leading to three encryption variables.

-   First encryption variable: The assignment of an ODC to an ICAC    within every given PS class    -   To exemplify, consider class 4_4, as detailed with reference to        FIG. 4 and FIG. 7 . As shown in FIG. 4 , input PS of AB ICAC        configuration 1_2_1_4 has an output correspondence ODC of        0100_010. This is only one possible assignment or correspondence        ICAC-ODC. Any of the eight alternatives (see FIG. 4 , column        404) can be assigned to the 1_2_1_4 ICAC. Every class has a        number of ICAC - for example, for class 4_4 this number is        seven. Globally, each class can be characterized by a number        representing the total possible unique ICAC-ODC assignments for        that class. This number is called CLIO (CLass Icac-Odc) in this        document. For one class, CLIO is equal to the permutations of        all ICAC-to-ODC assignments within that class.        -   For example, for class 4_4, there are seven ICAC-to-ODC            assignments. CLIO for class 4_4 is equal to permutations of            the seven ICAC-to-ODC assignments, which is 5,040. This            number increases dramatically as the class order increases            since the number of ICAC-to-ODC assignments increases.            Further, here can be seen the significant impact that using            a large m has    -   CLIO increases dramatically as the class order increases (such        as for class 18_4), because the larger the class order, the        larger the number of ICAC in that class, the larger the number        of ICAC-to-ODC assignments, and therefore the larger the number        of permutations.    -   Further, as m increases, the number of classes increases,        therefore, for those extra classes which are by definition high        order classes, the number of ICAC is larger and larger as the        class order increases, with the same consequences as described        above.    -   Each class is independent in term of its own ICAC-to-ODC        assignments and permutations, therefore, each class has its own        characteristic CLIO number. Multiplying all the CLIO numbers for        all classes, generates a global CLIO number characterizing the        encryption space for this first encryption variable. This number        is called GCLIO for the rest of this disclosure, and is not        going to be detailed here, in this disclosure, because the        calculations are too involved and are not relevant in term of        disclosing new matter. The primary message relevant for this        disclosure is that this number is extremely large (a first order        ballpark number can be for example 10,000 multiplied 29 times        with itself, where 29 is the number of classes, for m=1). Again,        it can be seen the significant impact on this number that a        larger m has.        -   A very important aspect needs to be outlined. As mentioned            above, each class has a CLIO number. The impact on the            encryption strength is that, considering the CLIO number as            a PS encryption class space and the specific assignment used            in one encryption cycle for a PS class as a PS class key,            there are as many independent encryption keys as PS classes.            For example, there are 29 independent encryption keys for            m=1 and 41 encryption keys for m=13. Again, note the power            that variable m gives on the encryption strength.-   Second encryption variable: The assignment of core identifiers and    RODC identifiers to a PS class    -   Focusing on class 4_4 discussed above, any of the 16 core        identifiers (see FIG. 7 , column 721) can be assigned to class        4_4. Considering all 16 core identifiers, an additional        encryption space is created, where this encryption space is        equal to permutations of 16. This encryption space defines all        possible core-identifier assignments specific to one given        encryption cycle. This encryption space is called PCI        (Permutations of Core Identifiers) for the rest of this        disclosure.    -   Similarly to creating a PCI space, an encryption space can be        created through permutations of the RODC. As mentioned, the RODC        are used as identifiers for upper PS classes (class 15_4 and        above). The number of RODC used for these upper classes is        detailed with reference to FIG. 5 , column 504 and the worth        factor, column 505. Such an encryption space, when created, has        two flavours:        -   Within the RODC used for one class. The upper classes use            multiple RODC for one class as identifiers, compared to            lower classes that use one core identifier for the entire            class. Therefore, for the upper classes, an encryption space            can be defined for every such upper class, by permutating            the RODC used within that class and then multiplying those            permutations for all upper classes to create a global            variable.        -   Within the total RODC, groups of specific RODC are assigned            for each upper class. Since each upper class requires a set,            or group of RODC as identifiers, by varying such set            assignments, an incommensurable encryption space is created.            It must be noted that the size of this encryption space is            implied as “incommensurable” by the large number of RODC and            therefore the resulting number of possibilities to create            said set assignments.-   Third encryption variable: permutations of RI    -   As mentioned, the 29 PS classes (for m=1) have 148 RI, in 18        classes, with each class having a well-defined number of RI        members. Within each of these classes of RI, permutations of the        constituent RI members of that RI class can be performed,        generating an encryption space.    -   Similarly to the discussion at CLIO above, there are 18 RI        encryption keys, each with a variability factor equal to the        permutations of the constituent RI within each class, and where        these 18 variability factors are multiplied leading to a global        RI variability factor (GRIF).-   Totally, the variability factor of all three encryption variables    discussed above can be named Global PS Alternatives, or GPSA, as    used for the rest of this disclosure.    -   The GPSA number is a multiplication of GCLIO, PCI, and GRIF. The        number coming from RODC permutations, called GRODC, can further        multiply GPSA. GPSA is an extremely large number, and detailing        such a number in this disclosure has no object. For the goal of        this disclosure, it is sufficient to state that this extremely        large number defines the encryption variability generated by the        above disclosed components.-   Totally, the space of the encryption keys of all aspects discussed    above can be named as Global PS Keys, or GPSK, as used for the rest    of this disclosure.    -   The GPSK number is a sum of CLIO encryption keys, RI encryption        keys, to which the RODC encryption keys can be added.-   Clearly, the strength of the disclosed encryption consists in the    fact that such number of choices is possible, number of choice that    represents a pool from which a select number of choices will be    used. Even in the lowest encryption strength (m=1), the disclosed    encryption can have so much overwhelming variability that can be    used.

Third encryption approach: Two adjacent PS and their derivatives can bepaired and have a different encryption during one given cycle. There arethree aspects here, leading to three encryption variables.

-   First encryption variable: member assignment within an RI pair class    -   As described, for m=1 (the lowest encryption strength), when        pairing two consecutive RI, 35 RI pair classes (8 to 42) are        formed, each class having between 16 and 1276 members.    -   Similar to the first encryption variable at the second        encryption approach, every member within an RI pair class can        have a different assignment within that pair. Permutations of        these members assignment within each class will create an        encryption space for each RI pair class, called, for the rest of        this disclosure, CRIPA (Class RI pair assignment).        -   For example, class 8 RI pair has 25 members, as described.            The CRIPA number for class 8 RI pair is permutations of 25.            Note that this class is one of the classes with the lowest            number of members; for example, class 22 RI pair has 1276            members, therefore the CRIPA number for class 22 RI pair is            permutations of 1276.    -   Multiplying the CRIPA numbers for all 35 RI pair classes, will        result in a global encryption space for this first encryption        variable, where this global encryption space is characterized by        a number, called TRIPA (Total RI pair assignment) for the rest        of this disclosure.    -   Similar to the discussion at first encryption variable at the        second encryption approach, every RI pair class represents an        independent encryption key, so, for the lowest encryption        strength (m=1) there are 35 independent encryption keys (8 to        42). The number of such independent encryption keys increases        strongly with m (in accordance to the number of RI pair        dependence on the number of PS classes, respectively on the        number of m, as detailed).-   Second encryption variable: RI pair header permutations    -   As exemplified above, class 4 RI pair is described in the format        000_xxxxx. The 000_ prefix is the equivalent of a core        identifier as defined for PS classes. This prefix is called a        header for RI pair classes. There are eight such headers (000_        to 111_), which, when permutated, create an encryption space        called RIHP (RI pair header permutations). The characteristic        number associated to RIHP is permutations of 8.-   The third encryption variable: permutations of RI2    -   o As described, pairing RI lead to 39 R12 classes (from 4 to        42), where each of these classes has a number of members. Within        each of these classes of RI2, permutations of the constituent        RI2 members of that RI2 class can be performed, generating an        encryption space.    -   ∘ Similarly to the discussion at RI above, there are 39 RI2        encryption keys, each with a variability factor equal to the        permutations of the constituent RI2 within each class, and where        these 39 variability factors are multiplied leading to a global        RI2 variability factor (GRI2F).-   Totally, the variability factor of all three encryption variables    discussed above can be named Global RI pair Alternatives, or GRIPA,    as used for the rest of this disclosure.    -   The GRIPA number is a multiplication of TRIPA, RIHP, and GRI2F.        GRIPA is an extremely large number. For the goal of this        disclosure, it is sufficient to state that this extremely large        number defines the encryption variability generated by the above        disclosed components.-   Totally, the space of the encryption keys of all aspects discussed    above can be named as Global RI pair Keys, or GRIK, as used for the    rest of this disclosure.    -   The GRIK number is a sum of RI pair encryption keys and RI2        encryption keys.-   Clearly, the strength of the disclosed encryption consists in the    fact that such number of choices is possible, number of choice that    represents a pool from which a select number of choices will be    used. Even in the lowest encryption strength (m=1), the disclosed    encryption can have so much overwhelming variability that can be    used.

Fourth encryption approach: An encryption cycle can be repeatedunlimited times.

-   The above GPSA and GRIPA numbers are multiplied to give the global    number of encryption alternatives for one cycle, number also    referred to as GNAC for the rest of this disclosure.-   The above GPKA and GRIK are added to give the global number of    encryption keys for one cycle, number also referred to as GKC for    the rest of this disclosure.-   As shown, GNAC and GKC depend on m.-   First encryption approach defines the impact of m on the encryption    strength, second and third encryption approach defines the GPSA    respectively GRIPA encryption spaces and GPKA respectively GRIK    encryption keys where all GPSA, GRIPA, GPKA and GRIK are influenced    by m.-   The fourth encryption approach acts as follows:    -   As mentioned, any number of encryption cycles can be applied.    -   ∘ Every cycle generates a GNAC and a GKC. Every cycle can have a        different m.    -   If for example there are three encryption cycles being engaged,        and each encryption cycle generates GNAC_1, GNAC_2, GNAC_3, and        GKC_1, GKC_2, and GKC_3, then two final numbers are generated,        characterizing the total encryption strength:        -   Final encryption strength number, or FESN, which is equal to            the sum of GNAC generated by each cycle, i.e. GNAC_1 +            GNAC_2 + GNAC_3.        -   Final encryption key number, or FEKN, which is equal to the            sum of GKC generated by each cycle, i.e. GKC_1 + GKC_2 +            GKC_3.

FESN and FEKN represent the available encryption space for the disclosedDED. Any encryption within this space maintains the size of theencrypted file to be the same as the original file size.

In order to perform any encryption within the FESN/FEKN space, thefollowing need to be specified:

-   a. Variable m-   b. One global , PS alternative choice within the number of GPSA/GPKA    space-   c. One global RI pair alternative choice within the number of    GRIPA/GRIK space-   d. Number of cycles

All these form a binary word. Given the very large number ofalternatives in the spaces at b and c above, this binary word can be inthe thousands of bits, if all alternatives in the two spaces are desiredto be represented. Applications, users, or devices can have a set ofthese binary words for use, and these can be sequentially referred towith a lower number of bits. For example, one application/user/devicecan have say 128 binary words from the full space (each binary word sayof 32768 bits), and the respective application/ user/ device can callany of the 128 binary words of 32768 bits each with only 7 bits. Notethat the encryption space remains untouched - the said lower number ofbits to represent said set of binary words in use only refers to howmuch of the full space is desired to be used in a givenapplication/user/device. The encryption strength remains the same,because a third party would not know what the 128 binary words in useare, but more on this is disclosed below. Note that the set of binarywords in use can also be adaptive and be changed using a specific methodthat may include a deterministic measure such as the date and time ofuse, as also disclosed below.

A binary word in use is called in this disclosure a global encryptionkey (GEK). GEK should not be confused to GPKA, GRIK, GKC, or FEKN, asindicated very clearly by their definitions.

The DED method disclosed here can be implemented in software or inhardware. There are two main differences of focus between the hardwareand software implementations, the first one being the memory needs andthe second one being the security level of a communication between asender and a receiver.

Regarding the first difference, the memory needs. An example is beingconsidered, to make the point.

-   As described for the first encryption variable of the second    encryption approach, for class 4_4, there are seven ICAC-to-ODC    assignments. CLIO for class 4_4 is equal to permutations of the    seven ICAC-to-ODC assignments, which is 5,040. To cover this, in a    classic direct approach, 5,040 memory locations of 22 bits each    would be required. The 22 bit specification represents the maximum    word size for a PS class allocation, as explained, and this maximum    size is used for all PS classes.-   As mentioned above, the above described encryption space and memory    need is just for one key out of the total GKC keys in one encryption    cycle. If all keys in the GKC space would be implemented classic,    the memory needs would exceed the doable limits at present time in a    hardware implementation, and would be possible, but challenging in a    software implementation. A solution for such classic implementation    is to limit the GKC space within one application or user or device,    and in this case, the implementation becomes challenging for a    hardware implementation and perfectly doable for a software    implementation.-   In this disclosure however, a solution that makes both hardware and    software implementations perfectly doable from the memory needs    point of view while covering the entire encryption space in every    application/user/device, is disclosed next.

Regarding the second difference, the security level of a communicationbetween a sender and a receiver

-   As will be disclosed next, a hardware implementation is more secure    than a software implementation, but using the disclosed embodiments,    both hardware and software implementations reach a high security    level.

The solution mentioned above for the first difference, namely to makeboth hardware and software implementations perfectly doable from thememory needs point of view while covering the entire practicallyunlimited encryption variability space in every application/user/device,is disclosed next. The hardware implementation is detailed, and thenparallel to the software implementation is made. An example is providedto exemplify this disclosed solution.

-   The hardware implementation will not consist only of memory to store    all the variability in the encryption space, to cover all the    encryption space described above - such amount of memory is not    doable. Instead, the hardware implementation will consist of memory    and a specialized controller.    -   The memory will contain only the standard allocation for PS, RI,        RI pair, R12, and other encryption spaces and keys described        above. Standard allocation equates to the basic, non-permutated        assignments for each of the above, as described. As outlined        across the disclosure, for m=1, the necessary memory is less        than 500k in total (with different word length for PS, RI, RI        pair, RI2, or other). For m=13, the necessary memory increases        to about 500 M. Solutions to the memory requirements exist for m        larger than 13, solutions that may imply a larger cost, or a        slower speed, solutions that may employ off-chip memory.    -   The specialised controller will derive the PS, RI, RI pair, RI2        and other allocation that corresponds to the GEK encryption key        that is currently in use, by using as reference the standard        allocation that is stored in the memory described above. For        example:        -   As described for the first encryption variable of the second            encryption approach, for class 4_4, there are seven            ICAC-to-ODC assignments. CLIO for class 4_4 is equal to            permutations of the seven ICAC-to-ODC assignments, which is            5,040. To cover this, in a memory-only implementation, 5,040            memory locations of 22 bits each would be required. The 22            bit specification represents the maximum word size for a PS            class allocation, as explained, and this maximum size is            used for all PS classes.        -   By specifying in the GEK which permutation of seven            ICAC-to-ODC is used in the current encryption cycle, the            5,040 memory locations can be saved, as follows:            -   The specialised controller mentioned above will read the                information pertaining to which permutation is used in                the current encryption cycle from GEK. This information                can be represented by a 13 bits word, to cover the 5,040                space.            -   The specialised controller then will read from the                standard memory, the seven standard allocation words of                22 bits each.            -   Out of these seven words and the 13 bit word, the                specialised processor will create the corresponding                seven word assignment corresponding to the permutation                being used in the current cycle.            -   The seven word assignment that has been determined by                the specialized controller, is written in an operational                memory, operational memory that is used to encrypt the                IFDS for the current cycle.    -   The GEK encryption key for the current cycle similarly has a        binary word (similar as the 13 bit word described above) for        every PS class, RI class, RI pair class, RI2 class, and other        encryption variables described above.        -   These binary words will have appropriate size function of            which encryption variable needs to be covered. For example,            a much larger number of bits will be needed to cover which            permutation is in use out of the permutations of 1276            necessary for class 22 RI encryption space. But this is            perfectly doable and represents no issue.        -   The specialized controller will read and interpret each and            every of these binary words for all the above described            encryption key spaces that are assembled in the GEK            encryption key, and write the full operational memory that            represents the GEK encryption key. This operational memory            will have sections for each of the encryption key spaces            described above.        -   Accordingly, an operational memory of the size equal to the            original standard allocation memory is created by the            specialised controller, by interpreting the GEK key.        -   Consequently, full coverage of the entire encryption space            is possible, with the cost of only two standard allocation            memory spaces and a specialized controller.    -   The penalty is the time that the specialized controller takes to        interpret the GEK key and to create the operational memory,        which is a RAM memory, as compared to a ROM memory for the        standard allocation memory that is used as reference. This        penalty is a one-time event per encryption cycle, no matter how        big the IFDS that is being encrypted is.    -   It must be noted that this penalty time is visible to a user        only for the first encryption cycle, or the first IFDS if the        data stream contains multiple IFDS. That is because once a GEK        encryption key is decoded and the operational memory is created,        the encryption of the IFDS is performed using the created        operational memory. In the time when the encryption of the IFDS        is performed, the next GEK encryption key is decoded and the        next operational memory is created by the specialized        controller, and this processed is not visible to the user, being        a parallel processor to the visible IFDS encryption process.    -   Finally, it must be noted that this solution disclosed here,        will require therefore a specialized controller with the        function as described above, a ROM memory for the standard        allocation as described, and two RAM operational memories of the        same size as the standard allocation ROM memory, where the said        size of the memory depends on variable m.

The solution mentioned above for the second difference, namely to makeboth hardware and software implementations reach a high security levelof a communication between a sender and a receiver, is disclosed next.The hardware implementation is detailed, and then parallel to thesoftware implementation is made. An example is provided to exemplifythis disclosed solution.

-   The challenge for the hardware implementation is how to preserve the    highest level of security. In other words, this means how to    communicate the encryption keys (GEK) between the sender and the    receiver, so that the receiver is able to decrypt the information    encrypted by the sender. This is essential, because the GEK keys are    dynamic, and if the GEK keys are sent over the communication    channel, even if they are sent encrypted, this would represent a    security risk. The practical implementation, disclosure here, is as    follows:    -   1. Every chip, or device, will have a unique ID, from the        factory. This unique ID is public, i.e. is communicated as part        of the communication protocol between the two devices involved        in the communication (i.e. the receiver and the sender), at the        start of the communication.    -   2. From the factory, each device has, hardwired, what is the        template of the encryption protocol and sequence that is going        to be used between that device only and every other device,        function of that other device ID.        -   a. This hardwired encryption protocol and sequence            represents a sequence of GEK keys.        -   b. The only possibility for a security breach to be            successful is to have the hardwired specifics for the two            specific devices engaged in the communication, in addition            to the receiver ID and the sender ID, in order to intercept            the communication. Since the sender and the receiver ID is            communicated on the communication channel, a successful            security breach must have the hardwired content defining the            communication between the two devices engaged in            communication - and this information is only available from            the chip manufacturer, or from the two devices involved in            communication. Obviously, a third party trying to breach in            would not have the two devices to have the hardwired            content, therefore the only way to have that content is from            the chip manufacturer. More on this below.    -   3. Variations on this approach are possible, such as the sender        and the receiver may know each other’s device ID, therefore        these are not transmitted anymore through the communication        channel, adding an additional lever to the security.    -   4. Other enhancements are possible, such as:        -   a. Use of additional security keys, encrypted or not, but            all these would require transmission or communication            between sender and receiver, directly on the communication            channel or indirectly through other means. These,            theoretically, can be intercepted, so, for high security            applications this may not be the best option to use. Of            course, since the hardwired hardware specifics of the two            devices are not available, intercepting these additional            security keys will not imply a breach, but since these            additional security keys can be intercepted, these            additional security keys would not bring a major advantage            either.        -   b. Another possible enhancement can be that the hardwired            specifics are skewed, or altered, by deterministic            non-transmissible information, such as the communication            date/time, outside temperature, information that can be            determined by both devices engaged in the communication,            information that has enough variability that will prevent a            third party to timely determine it.        -   c. Further, such deterministic information can be uniquely            processed to create a skewed encryption key to alter the            hardwired specifics, where this unique process applied to            the deterministic information to generate the skewed            encryption key is similarly hardwired to be unique between            specific two devices. This is useful, because it permits to            vary the encryption keys between two devices as a function            for example of the time that the communication takes place            at.        -   d. Concluding, the practical implementation, proposed above,            has as the only possible security breach to have the            hardware specifics for two very specific devices from the            chip manufacturer. Since a third party that would want to            breach a communication would not know apriori which is the            device IDs of the two devices engaged in the communication            of interest, it means that this third party must have the            hardware specifics for all devices that were manufactured by            the chip manufacturer. While compromising the chip            manufacturer and obtaining such information is possible,            such an event is highly unlikely, and in addition, an event            of such magnitude would be known by all users that their            communication may be compromised.    -   5. Additional observations:        -   a. The manufacturer implements the very specific encryption            protocol and sequence of one device that is going to be used            with another device only, as a template. This template will            include, as mentioned, a sequence of GEK keys. This template            is repeated for every communication, transmission, etc,            between those two devices, unless a skewed encryption key is            generated preferably as described at 4.c above, or more            general is skewed with deterministic non-transmissible            information, or with transmittable custom entries or            security keys as also described.        -   b. The manufacturer can hardwire the above named protocol            and sequence for devices that have been fabricated, but can            hardwire this for devices that will be fabricated as well by            generating IDs for devices that will be fabricated, in            advance. Such hardwire can be implemented as a ROM, or even            more secure, as a circuit. In case of a major event at the            manufacturer as described at 4.d above, event that would            compromise the security of devices, the manufacturer can            recall the devices and update the ROM content.        -   c. If the number of fabricated devices exceeds the number of            IDs that were predicted for future manufacture and hardwired            in one device, for those devices for which an ID was not            hardwired, a generic protocol and sequence will be used,            warning the device owner. The keys for this generic protocol            and sequence are still hardwired, so they are not            transmitted on the communication channel, but since these            are not device specific, the keys are less secure (easier to            be determined by a security breach, since they are used for            multiple devices).        -   d. Non-device specific keys are also used by one transmitter            to multiple receivers, such as a TV station broadcasting            encrypted to multiple subscribers.        -   e. Non-device specific keys can be used also by any            transmitter to any receiver by default, in a regular, less            secure communication, even when the respective transmitter            and receiver have valid IDs. In between such devices, the            more secure device-specific communication can be activated            by the user, on demand.        -   f. As mentioned, the implementation means to hardwire all            the said device specific keys can be for example in a device            specific ROM.

Brief notes on the memory needs and security level aspects in a softwareimplementation.

-   1. For the memory needs aspect, this is by no means an issue in a    software implementation. The controller from the hardware    implementation can be conveniently replicated in a software    implementation, for an equivalent functionality.-   2. For the security level, an equivalent software implementation to    the hardware implementation can also be implemented.    -   a. Every software installation on every device will have an ID,        which behaves similar to the hardware device ID    -   b. The hardwired template of the encryption protocol and        sequence between two unique, specific devices, will be part of        the software package, and is unique to the software installation        for that specific ID.    -   c. These two aspects will create an equivalent behaviour of the        device on which this software installation resides. A breach        will require the template of the encryption protocol and        sequence that is specific for the specific device/installation,        and this can be obtained, similarly from the software        manufacturer. However, the fact that it can also be a software        vendor involved, as well as the fact that software can be        breached, would make a software implementation less desirable        for high security applications as compared to a hardware        implementation.    -   d. All other considerations for a software implementation are        equivalent to the considerations detailed for the hardware        implementation.

Comparing the two implementations, it is clear that a softwareimplementation is much more convenient and lower cost for mostapplications, including consumer applications, while a hardwareimplementation is the best option for applications where security cannotbe compromised with, such as for military applications or high securitycommunications.

In both cases, software or hardware, the encryption flow described inFIG. 11 applies. Next, notes applicable to both software and hardwareimplementations are outlined, with hardware specifics highlights. Inboth implementations, the settings, at 1101 in FIG. 11 , are alreadyderived as discussed above with hardware and software specifics.Essentially, the 1101 settings are derived by the specialized controllerthat decodes the GEK encryption key and writes the operational RAMmemory. The GEK encryption keys correspond to the hardwiredcommunication protocol between two specific devices engaged in thecommunication, as explained above. In the encryption flow describedbelow, the derivation of the 1101 settings are considered complete,using a procedure as described above. Therefore, only the encryptionflow of the IFDS is described next.

-   1. The input data string to be encrypted is outlined as 1102 a. For    hardware implementation, this data is preferably received on a 32    bit data bus-   2. The first encryption setting out of the 1101 settings to be used,    is the m variable. This variable sets the maximum PS length, as    detailed above. Based on m, the IFDS is partitioned in PS, at 1103.    -   a. In hardware implementation, this step is implemented using a        specialized controller-   3. Every PS is transformed into a unique corresponding output at    1104, using the second encryption setting, the configuration    assignments.    -   a. In hardware, this transformation is performed using the        corresponding part of the operational memory derived after the        decoding of the GEK encryption key, where the PS is the address,        and the memory output corresponding to that address is the        unique corresponding output. This operation is performed by a        specified controller.-   4. The encrypted output from 1104 is divided into RI (1106) and    Detail (1107) strings at 1105. Consecutive RI are paired at 1108.    -   a. All these steps are implemented in hardware using a        specialized controller.-   5. Every pair of consecutive RI is transformed at 1109, using the    third encryption setting, the pairing assignments.    -   a. The highlights here are similar to the PS transformation        highlights at 1104. This part of the flow is using another part        of the operational memory, derived after the decode of the GEK        encryption key, where this part of the operational memory        details the RI pair and RI2 assignments.-   6. The encrypted RI pairs together with the original corresponding    details are assembled at 1110. The preferred assembling is that each    encrypted pair is followed by the corresponding details of the two    RIs in the pair.    -   a. In term of hardware, this assembly is implemented through a        specialized controller.-   7. The number of completed cycles is compared to the number of    cycles in the encryption settings (the last of the four encryption    settings), at 1111.    -   a. If the comparison generates a true value, the final data is        ousted at 1112.    -   b. If the comparison generates a false value, a new cycle        starts, by returning the output encrypted data from the current        cycle, on path 1113, to the input.    -   c. The new cycle may implement a full set of settings specified        again at 1101. It may also implement a partial set of settings,        such as only the pairing assignments may change from the        previous cycle. In any case, as explained, a new operational        memory is used after being derived for the new cycle, as        explained above.    -   d. In hardware, this is implemented by a specialized controller.-   8. As mentioned, the GEK encryption keys used for the encryption    cycle(s) are not transmitted over the communication channel. They    are part of the hardwired security settings of the communication    between two devices, as explained.

The decryption flow and hardware implementation, depicted in FIG. 12 ,is dual to the encryption flow and hardware implementation.

-   1. The receiver device has the protocol to communicate to a specific    sender device hardwired, as detailed above. In other words, the    received decodes the GEK keys used by the sender, in order to    perform the decryption, and writes the operational memory in 1201.    All these processes and steps have been already detailed above.-   2. The fully encrypted data is received at 1202. The first priority    to decrypt the received data is to recognize the encrypted RI pairs    (RI2 first, then RI pairs). In order to fulfil this task, a    multitude of settings (not shown in FIG. 12 in order to keep the    figure legible) are required:    -   a. Variable m is required because it will indicate how many PS        classes, therefore how many RI exist    -   b. Configuration assignments are required, in order to indicate        the meaning of each RI    -   c. Pairing assignments are required, to indicate the content of        each pair        -   i. In hardware, the a, b, c, settings above are interpreted            by a controller.-   3. Using the a, b, and c above, the decryption of the RI2 and RI    pair, at 1203, is performed using the corresponding part of the    derived operational memory over the written structure of the    encrypted data (RI pair followed by detail).    -   a. Since it is known therefore that the first thing in the        encrypted string is an encrypted RI2/RI pair, and since every        encrypted RI2/RI pair is unique given the data at a, b, and c        above, the encrypted RI2/RI pair is separated from the string        and decrypted.        -   i. In hardware, this separation is implemented by a            specialized controller. The decryption, as mentioned, is            performed using the corresponding part of the operational            memory, where the memory address is the encrypted RI2/RI            pair together with the m variable and select PS encryption            assignment flags, and the memory output is the decrypted            RI2/RI pair (i.e., the two RI).-   4. The decrypted RI2/RI pair will provide the two constituent RI.    Each RI will indicate the number of corresponding bits in the Detail    section, therefore Detail is separated from the string for the two    RI, and the two encrypted PS are obtained, at 1204.    -   a. In hardware, all this is implemented by a specialized        controller.-   5. The two PS are decrypted at 1205 using two settings: the m    variable and the Configuration assignments.    -   a. In hardware, this is implemented, similarly to the RI2/RI        pair decryption, using a corresponding part of the operational        memory, where the memory address is the encrypted PS together        with the m variable, and the memory output is the raw input PS.-   6. The number of cycles that are completed is compared to the number    of cycles in the settings at 1206. If the comparison generates a    true value, the final decrypted data is output for use at 1207. If    the comparison generates a false value, a new decryption cycle is    started by returning the decrypted data from the current cycle, on    path 1208, to the input. The new cycle will use, again, the same    settings that were used for the encryption based on a new, cycle    specific operational memory, as explained above.    -   a. In hardware, this is implemented by a specialized controller.

Note that applying an RB transformation to the entire IFDS before theabove described processing represents yet another encryption variable,since an RB transformation completely changes the IFDS therefore theencryption outcome. Such RB transformation can be applied for everyencryption cycle.

Another important note: the disclosed encryption/decryption method keepsthe file size constant in all conditions and for all operations thathave been disclosed. Keeping the file size constant is not limiting inany way to the disclosed aspects, i.e. the file size can be compressedor expanded before or during the encryption/decryption process. The keyaspect and condition when a compression or expansion of data isperformed is that this process of expansion compression preserves theuniqueness correspondence of the data so that the decryption uniquelyrestores encryption process to the initial data.

The applications of the disclosed DED method, when is implemented eitheras hardware or software, are countless. Some examples are provided justto outline the possibilities:

-   1. Secure audio and video communication, wired and wireless-   2. Secure audio and video broadcast-   3. “Pay per view” audio and video broadcast-   4. Secure data communication-   5. Secure data storage

From reading the present disclosure, other variations and modificationswill be apparent to the skilled person. Such variations andmodifications may involve equivalent and other features which arealready known in the art or are implied by the embodiments presented inthis disclosure. Such variations and modifications may increase theperformance of the DED method.

Although the appended claims are directed to particular combinations offeatures, it should be understood that the scope of the disclosure ofthe present invention also includes any novel feature or any novelcombination of features disclosed herein either explicitly or implicitlyor any generalisation thereof, whether or not it relates to the sameinvention as presently claimed in any claim and whether or not itmitigates any or all of the same technical problems as does the presentinvention.

Features which are described in the context of separate embodiments mayalso be provided in combination in a single embodiment. Conversely,various features which are, for brevity, described in the context of asingle embodiment, may also be provided separately or in any suitablesub-combination. The applicant hereby gives notice that new claims maybe formulated to such features and/or combinations of such featuresduring the prosecution of the present application or of any furtherapplication derived therefrom.

For the sake of completeness it is also stated that the term“comprising” does not exclude other elements or steps, the term “a” or“an” does not exclude a plurality, and reference signs in the claimsshall not be construed as limiting the scope of the claims.

1. A binary data structure, comprising: a string of binary bits; whereinsaid string is described in term of number of bits in consecutive groupsof bits; wherein each of the said consecutive groups of bits are groupsof bits where the bits are of same bit type as either 0 (0 logic) or 1(1 logic); wherein said bit type in any two of said consecutive groupsof bits are of the opposite type, or alternating from 0 to 1 or from 1to 0; wherein a first bit in the said string of bits is used asreference to determine the bit type in every of said consecutive groupsof said alternating same type bits; a group of certain number of bitsthat have a preferred bit pattern; wherein the said preferred bitpattern is a group of four bits of same bit type; wherein with respectto said preferred bit pattern, the rest of the bits in the said stringof bits form groups characterized either by the same preferred bitpattern or by a different bit pattern; wherein the said different bitpattern is compared to the said preferred bit pattern as having a lowergrade or a higher grade; wherein the said lower grade is a group of one,two, or three bits of same bit type; wherein the said higher grade is agroup of five or more bits of same bit type; a first group of saidpreferred bit pattern or of said higher grade that is detected in thesaid string of bits; wherein in-between the first bit in the said stringand the first bit in said first group there are zero bits, meaning thatthe said first group is first in the said string; a second group of bitsof said preferred bit pattern that is detected in the said string ofbits; wherein when the said first group does not exist, in-between thefirst bit in the said string and the first bit in said second groupthere is at least one bit, and when the said first group exists, saidsecond group follows said first group and in-between the last bit ofsaid first group and first bit of said second group there is at leastone bit; a third group of bits of said preferred bit pattern or of saidhigher grade that immediately follows the said second group, whereinsaid immediately means that in-between the last bit of said second groupand the first bit of said third group there are zero bits; wherein thebits in the said third group can be either of same or opposite bit typeas the bits in the said second group; a fourth group of said preferredbit pattern which follows the said third group and in-between the lastbit of said third group and first bit of said fourth group there is atleast one bit; a fifth group of said preferred bit pattern which followsthe said fourth group and in-between the last bit of said fourth groupand first bit of said fifth group there is at least one bit; wherein atleast one of the following pairs exist in the said string, as said firstgroup and said second group, said second group and said first bit andnot said first group, said third group and said fourth group, saidfourth group and said fifth group, and wherein according to these pairs,in-between said first group and said second group, or in-between saidfirst bit in the said string and said second group, or in-between saidthird group and said fourth group, or in-between said fourth group andsaid fifth group there is one or more groups of only said lower grade;wherein summing all the bits for all groups of said lower grade thatexist in-between one of said pairs, a number that is characteristic, ora characteristic number, is formed for the said groups of lower grade,with said characteristic number greater than zero; a set of saidcharacteristic numbers that are accepted for use, wherein said numbersare in-between one and a determined maximum characteristic numbergreater than one; wherein said bits characterized by said characteristicnumbers are said to form classes, where each class is characterized bythe respective characteristic number; wherein part of said classes endin a group of bits of preferred bit pattern, and where part of saidclasses do not end in a group of bits of preferred bit pattern; whereinthe said classes that end in a group of bits of preferred bit patternalways include the said determined maximum characteristic number, calledDMCN; wherein the said classes that do not end in a group of bits ofpreferred bit pattern always include the characteristic numbers thatrefer to the said DMCN as (DMCN-1), (DMCN-2), and (DMCN-3) only; whereinthe said classes that end in a group of bits of preferred bit patternnever include the characteristic numbers that refer to the said DMCN as(DMCN-1) and (DMCN-2); and wherein every class of the said classes thatdo not end in a group of bits of preferred bit pattern always containthe groups of bits characterized by (DMCN-1), (DMCN-2), or (DMCN-3),followed by a group of same type bits of respectively 1, 2, or 3 bitswhere the absolute value of these bits is opposite from the last bit inthe (DMCN-1), (DMCN-2), (DMCN-3) groups, and where said group of sametype bits of respectively 1, 2, or 3 bits is followed by a group ofopposite absolute value of either 1, 2, or 3 same type bits, thereforethere are always nine classes that do not end in a group of bits ofpreferred bit pattern.
 2. The binary data structure of claim 1 whereinthe said string of binary bits is first described in term of changein-between two consecutive bits, with said change being either constantfrom bit-to-bit (0-to-0 or 1-to-1), or opposite from bit-to-bit (0-to-1or 1-to-0), and wherein said string, once is described in term of changein-between two consecutive bits is then described according to claim 1.3. The binary data structure of claim 1, further comprising: a uniquesequence of bits representing every unique sequence of input bits;wherein said unique sequence of input bits belongs to one of the saidclasses that end in a group of bits of preferred bit pattern, or belongsto one of the said nine classes that do not end in a group of bits ofpreferred bit pattern, or belongs to a group of bits of preferred bitpattern or of higher grade that follows a group of bits of preferred bitpattern; and wherein the said unique sequence of bits representing everyunique sequence of input bits has the same number of bits as the saidunique sequence of input bits.
 4. The binary data structure of claim 3,wherein the said unique sequence of bits representing every uniquesequence of input bits comprises: a set of core identifiers where eachcore identifier in this set has a number of bits equal to the number ofbits in the preferred bit pattern, respectively four bits; wherein thereare sixteen unique core identifiers in the set of core identifiers, eachbeing described by one of the possible combinations of four bits;wherein each of the said sixteen core identifiers identify a group ofbits of preferred bit pattern that follows a group of bits of preferredbit pattern, or a group of bits of higher grade that follows a group ofbits of preferred bit pattern, or, respectively, one of fourteen of saidclasses that end in a group of bits of preferred bit pattern only;wherein said core identifier that identifies a group of bits ofpreferred bit pattern that follows a group of bits of preferred bitpattern has no further bits following it; wherein said core identifierthat identifies a group of bits of higher grade that follows a group ofbits of preferred bit pattern is followed by a unique sequence of bitsthat identifies the number of bits in the said group of bits of highergrade; wherein every of the said fourteen core identifiers thatidentifies one of the fourteen of said classes that end in a group ofpreferred bit pattern is followed by a sequence of bits of strictcontent; and wherein said strict content is followed by a special bitthat indicates if the group of bits following the group of bits ofpreferred bit pattern in which the current class of the said fourteenclasses end is of the same or opposite type as the bits in the saidgroup of bits of preferred bit pattern.
 5. The binary data structure ofclaim 4, wherein said strict content comprises: a unique sequence ofbits, where the number of bits in this unique sequence is equal to thecharacteristic number of that respective class minus one; wherein saidunique sequence of bits is uniquely described by an orderly combinationof bits, where each of this orderly combination of bits describes anacceptable input binary combination of bits; wherein the number of allacceptable binary combinations of bits in a class characterized by asaid characteristic number is smaller than all possible binarycombinations for that characteristic number, when the saidcharacteristic number is larger or equal to the number of bits in thesaid preferred bit pattern; wherein the number of all acceptable binarycombinations of bits in a class characterized by a said characteristicnumber is equal to all possible binary combinations for thatcharacteristic number when the said characteristic number is smallerthan the number of bits in said preferred bit pattern; wherein, for aclass characterized by a characteristic number, the difference betweenthe said number of possible binary combinations and the said number ofacceptable binary combinations are called remain combinations; whereineach of the said remain combinations is uniquely described by a saidorderly binary combination of bits that was not used to describe any ofthe said acceptable binary combinations; and wherein the number of saidacceptable binary combinations plus the number of said remaincombinations is equal to the number of said possible binarycombinations.
 6. The binary data structure of claim 5, wherein saidremain combinations for all said fourteen classes are uniquely used asidentifiers to describe a unique set of higher-order set of classes;wherein said higher-order set of classes comprises of classes with acharacteristic number that is larger than any of the said fourteenclasses and that end in a group of bits of said preferred bit pattern,and also comprises of the said nine classes that do not end in a groupof bits of said preferred bit pattern; wherein each of said higher-orderclasses uses a well-defined number forming a specific set of saididentifiers or remain combinations and where this well-defined number iscalled higher-order class specific number of identifiers or HCSNI;wherein a specific said identifier belonging to a said specific set in aspecific HCSNI is used to identify one of these higher classes and thereare as many HCSNI as the number of higher-order classes; and whereinwhen a higher-order class ends in a preferred bit pattern, anyidentifier in the specific HCSNI is followed by an orderly combinationthat has the number of bits equal to the characteristic number of thatclass minus one, and then followed by a said special bit, and whereinwhen a higher-order class is one of the said nine classes, then any ofsaid identifier in the specific HCSNI is followed by an orderlycombination that has the number of bits equal to the characteristicnumber of that respective class.
 7. The binary data structure of claim6, wherein for each of said fourteen classes, said orderly combinationsdescribing said acceptable binary combinations within each class arepermutated in-between them, and wherein each such permutation for everyof said classes represents an encryption key, and where the total numberof such permutations within a class constitutes encryption spaceES1_class, with fourteen such spaces.
 8. The binary data structure ofclaim 6, wherein said sixteen core identifiers are permutated in-betweenthem, and wherein each such permutation represents an encryption key,and where the total number of such permutations constitutes encryptionspace ES2.
 9. The binary data structure of claim 6, wherein for eachhigher-order class, the said identifiers within that class-specificHCSNI members are permutated in-between them, and wherein each suchpermutation for every of said higher-order classes represents anencryption key, and where the total number of such permutations within aclass constitutes encryption space ES3_class, with the number of suchspaces equal to the number of said higher-order classes.
 10. The binarydata structure of claim 6, wherein for each of said higher-orderclasses, said orderly combinations describing said acceptable binarycombinations within each class are permutated in-between them, andwherein each such permutation for every of said classes represents anencryption key, and where the total number of such permutations within ahigher-order class constitutes encryption space ES4_class, with thenumber of such spaces equal to the number of said higher-order classes.11. The binary data structure of claim 6, further comprising: a limitednumber of binary words called root identifiers; wherein said rootidentifiers are formed by comprising identifiers (core or remainconfigurations) only, or said identifiers and select bits that are partof said orderly combinations; wherein said root identifiers are formedsuch that each of said root identifiers represent the least number ofbits that are common to a collection of said identifiers only or saididentifiers followed by said orderly combinations, all that describeonly one of said characteristic numbers, and such that in order to fullydescribe all possible binary combinations of every individualcharacteristic number, the least number of said root identifiers arenecessary; and wherein all said root identifiers, for all saidcharacteristic numbers, create a family of root identifiers, wherewithin this family, the said root identifiers have a number of bitswithin a well-defined range, and where each of the said number of bitsis represented by multiple of said root identifiers.
 12. The binary datastructure of claim 11 wherein all said root identifiers of a specificnumber belonging to said family of root identifiers are permutatedin-between them, and wherein each such permutation creates an encryptionkey, and where the total number of such permutations constitutesencryption space ES5_class, with the number of such spaces equal to thenumber of said numbers in said family of root identifiers.
 13. Thebinary structure of claim 11, further comprising every two consecutivesaid root identifiers are paired and to every such pair a new optimizedbinary combination is assigned; wherein said every two consecutive rootidentifiers, when paired, form classes of two root identifiers where thenumber of bits in such class equals the sum of number of bits of the tworoot identifiers; wherein said optimized binary combination is specificto every of said class of two root identifiers and comprises a rootidentifier pair ID that is specific to that class and a root identifierpair orderly combination that is specific to that class; wherein allsaid root identifies pair IDs for all classes create a family of rootidentifier pair IDs and within said family there are root identifierpair IDs having a number of bits within a well-defined range and wherefor each such number of bits there are multiple distinct root identifierpair IDs; and wherein all root identifier pair orderly combinations forone of said classes of two root identifiers create a family of classroot identifier pair orderly combinations.
 14. The binary data structureof claim 13 wherein said multiple distinct root identifiers of onespecific said number are permutated in-between them, and wherein eachsuch permutation creates an encryption key, and where the total numberof such permutations constitutes encryption space ES6_class, with thenumber of such spaces equal to the integer number within saidwell-defined range of root identifier pair IDs.
 15. The binary datastructure of claim 13 wherein said orderly combinations belonging toeach of said family of class root identifier pair orderly combinationsare permutated in-between them, and wherein each such permutationcreates an encryption key, and where the total number of suchpermutations constitutes encryption space ES7_class, with the number ofsuch spaces equal to the number of said classes of two root identifiers.16. The binary data structure of claim 6 comprising: said sixteen coreidentifiers; wherein said sixteen core identifiers are permutatedin-between them, wherein each such permutation represents an encryptionkey, and wherein the total number of such permutations constitutesencryption space ES2; said fourteen classes; wherein for each of saidfourteen classes, said orderly combinations describing said acceptablebinary combinations within each class are permutated in-between them;wherein each such permutation for every of said fourteen classesrepresents an encryption key, and where the total number of suchpermutations within a class constitutes encryption space ES1 class, withfourteen such spaces; said higher-order classes: wherein for each saidhigher-order class, the said identifiers within that said class-specificHCSNI members are permutated in-between them, wherein each suchpermutation for every of said higher-order classes represents anencryption key, and where the total number of such permutations within aclass constitutes encryption space ES3 class, with the number of suchspaces equal to the number of said higher-order classes; wherein foreach said higher-order class, the said orderly combinations describingsaid acceptable binary combinations within each class are permutatedin-between them, wherein each such permutation for every of said classesrepresents an encryption key, and where the total number of suchpermutations within a higher-order class constitutes encryption spaceES4 class, with the number of such spaces equal to the number of saidhigher-order classes; a limited number of binary words called rootidentifiers; wherein said root identifiers are formed by comprisingidentifiers (core or remain configurations) only, or said identifiersand select bits that are part of said orderly combinations; wherein saidroot identifiers are formed such that each of said root identifiersrepresent the least number of bits that are common to a collection ofsaid identifiers only or said identifiers followed by said orderlycombinations, all that describe only one of said characteristic numbers,and such that in order to fully describe all possible binarycombinations of every individual characteristic number, the least numberof said root identifiers are necessary; and wherein all said rootidentifiers, for all said characteristic numbers, create a family ofroot identifiers, where within this family, the said root identifiershave a number of bits within a well-defined range, and where each of thesaid number of bits is represented by multiple of said root identifiers;said root identifiers; wherein all said root identifiers of a specificnumber belonging to said family of root identifiers are permutatedin-between them; wherein each such permutation creates an encryptionkey, and where the total number of such permutations constitutesencryption space ES5 class, with the number of such spaces equal to thenumber of said numbers in said family of root identifiers; said rootidentifiers: wherein every two consecutive said root identifiers arepaired and to every such pair a new optimized binary combination isassigned; wherein said every two consecutive root identifiers, whenpaired, form classes of two root identifiers where the number of bits insuch class equals the sum of number of bits of the two root identifiers;wherein said optimized binary combination is specific to every of saidclass of two root identifiers and comprises a root identifier pair IDthat is specific to that class and a root identifier pair orderlycombination that is specific to that class; wherein all said rootidentifies pair IDs for all classes create a family of root identifierpair IDs and within said family there are root identifier pair IDshaving a number of bits within a well-defined range and where for eachsuch number of bits there are multiple distinct root identifier pairIDs; wherein all root identifier pair orderly combinations for one ofsaid classes of two root identifiers create a family of class rootidentifier pair orderly combinations; said multiple root identifier pairIDs; wherein said multiple distinct root identifiers of one specificsaid number are permutated in-between them; wherein each suchpermutation creates an encryption key, and where the total number ofsuch permutations constitutes encryption space ES6 class, with thenumber of such spaces equal to the integer number within saidwell-defined range of root identifier pair IDs; said root identifierpair orderly combinations; wherein said orderly combinations belongingto each of said family of class root identifier pair orderlycombinations are permutated in-between them; wherein each suchpermutation creates an encryption key, and where the total number ofsuch permutations constitutes encryption space ES7 class, with thenumber of such spaces equal to the number of said classes of two rootidentifiers; wherein an encryption / decryption method is formed;wherein the total encryption space of the said encryption / decryptionmethod comprises a set of said encryption spaces ES2, with all the saidnumbers of such said encryption spaces as ES1_class, ES3_class,ES4_class, ES5_class, ES6_class, ES7_class, wherein this is repeated byan unlimited but defined number of times, wherein each of saidencryption spaces within the said set is associated to an encryptionsub-key that is represented by an appropriate number of bits, and wherethe said number of bits for all said encryption sub-keys are assembledinto one encryption key that is characteristic to each of the saidunlimited but defined number of times.
 17. The encryption / decryptionmethod of claim 16 where each of said number of bits assembled into saidencryption key is interpreted with respect to a reference assignment ofthe data which the said encryption sub-key that the said number of bitsrepresent, in order to determine the applicable assignment of theequivalent data that corresponds to the said encryption sub-key.
 18. Theencryption / decryption method of claim 17 comprising of a hardware orsoftware implementation where in order to preserve a securecommunications between two specific identifiable devices, the twodevices have hardwired or soft-wired a protocol comprising of a set ofsaid encryption keys and a specific order of these keys that are usedonly during the communication between these two devices, and where thesaid set protocol can be skewed using user information that may be alsoaltered by a hardwired or soft-wired procedure that is specific to thesaid two devices only.
 19. A secure communication method between any twodevices that are uniquely identifiable comprising a unique encryptionsequence and protocol that is specific to said two devices only, wheresaid unique encryption sequence is part of a total, well definedencryption space, where said unique encryption sequence and protocol arehardwired by software of hardware means in the said two devices in orderto insure communication security, and where the said encryption sequenceand protocol can be altered by deterministic non-transmittable meansin-between the two devices, or by any transmittable means in-between thetwo devices at the time of communication, and where said means can bealtered by a hardwired or soft-wired procedure that is specific to thesaid two devices only.
 20. An encryption / decryption method comprisingan initial binary data structure having a well defined set of finitelength bit strings, where said bit strings comprise of well-defined bitsub-strings, where said bit-substrings create well-defined groups thatare formed based on well-defined criteria, where each of said groupshave members of said bit substrings, and where said members can beinterchanged to form a different binary data structure that isequivalent to said initial binary data structure.